...
```c
#include <stdio.h>

int main(void) {
    long long a = 1;
    const char msg[] = "Default message";
    /* ... */
    printf("%lld %s", a, msg); /* %lld matches the long long argument */
    return 0;
}
```
Risk Assessment
Inconsistent typing in variadic functions can result in abnormal program termination or unintended information disclosure.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level
---|---|---|---|---|---
DCL11-C | high | probable | high | P6 | L2
Automated Detection
GCC Compiler Version 3.4.4 warns about inconsistently typed arguments to formatted output functions when the -Wall flag (see MSC00-C. Compile cleanly at high warning levels) is used.
Compass/ROSE does not currently detect violations of this rule. While the rule in general cannot be automated, due to the difficulty of enforcing contracts between a variadic function and its invokers, it would be fairly easy to enforce type correctness on arguments to the printf() family of functions.
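One way to extend the compiler's printf()-style checking to your own variadic functions, as an added example (not code from the CERT page): the GCC/Clang `format` function attribute declares the type contract between a variadic wrapper and its callers, so -Wall flags a caller that passes a `long long` for `%d` the same way it does for printf(). The wrapper name `log_message` and the `CHECK_FORMAT` macro are assumptions of this example.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Added example: make the variadic type contract visible to the compiler.
 * format(printf, F, A) is a GCC/Clang extension: argument F is a printf-style
 * format string and the variadic arguments begin at argument A, so -Wformat
 * (enabled by -Wall) checks callers of this function like callers of printf(). */
#if defined(__GNUC__) || defined(__clang__)
#define CHECK_FORMAT(fmt_idx, first_arg) __attribute__((format(printf, fmt_idx, first_arg)))
#else
#define CHECK_FORMAT(fmt_idx, first_arg)
#endif

/* Format into buf (capacity n); returns the vsnprintf() result, i.e. the
 * number of characters that would have been written, or a negative value
 * on an encoding error. fmt is argument 3, the variadic arguments start at 4. */
int log_message(char *buf, size_t n, const char *fmt, ...) CHECK_FORMAT(3, 4);

int log_message(char *buf, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    /* Forward the arguments unchanged; the contract between fmt and the
     * arguments is exactly the one vsnprintf() relies on. */
    int written = vsnprintf(buf, n, fmt, ap);
    va_end(ap);
    return written;
}

static char g_buf[64]; /* output of the demonstration below */

/* Demonstration with the page's example values: %lld matches long long.
 * Changing the format to "%d %s" here is diagnosed at compile time by
 * -Wall because of the attribute, instead of being undefined behaviour
 * that surfaces only at run time. */
int demo(void)
{
    long long a = 1;
    const char msg[] = "Default message";
    return log_message(g_buf, sizeof g_buf, "%lld %s", a, msg);
}

/* Accessor for the text produced by demo(). */
const char *demo_output(void)
{
    return g_buf;
}
```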
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...